We sadly need to announce that our wallet has been compromised, thus DO NOT send any further funds to any of the coin wallets, BTC, DVC, LTC, etc. We will set up a new wallet and reset all the addresses. This will most likely take the whole weekend.

Further update: The system was not breached, no passwords were compromised (they are salted and hashed multiple times anyway). The attacker used a Ruby on Rails vulnerability that was released yesterday (http://www.exploit-db.com/exploits/24019/) to withdraw the funds.

Sorry for your loss.

Amm ... the RoR vulnerability was posted to multiple large forums, including Slashdot.

Did the attacker see the announcement before you were able to realize it affects you and shut off your systems? How come you missed it for so long that you didn't shut your stuff off / upgrade in time?

No we did not switch servers, we:

- applied the Ruby Rails patch
- backed up all log files for further analysis
- log files show the XML code injection, we validated all triggered commands to ensure nothing other than withdrawing funds (e.g. backdoor) was done.

2AM here, will need to catch some sleep, mistakes are easily made when being too tired.

This seems like a terrible plan of action. Your server could still be compromised, but site actions have been restored? Why is your wallet easily accessible by your web server?